My code must be soooo close!

Ok I posted recently regarding another problem with an earlier part of this code but here is my second error.

"Failed at add_member construction."

And the code that makes it:

$pass = $_POST['pass'];
$username = $_POST['username'];
$email = $_POST['email'];
$pass = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$pass = addslashes($pass);
$username = addslashes($username);
$email = addslashes($email);
}

// now we insert it into the database
$insert = "INSERT INTO userinfomj VALUES ('".$username."', '".$pass."', '".$email."')" or die("Failed at query construction");
$add_member = mysql_query($insert) or die("Failed at add_member construction");

PHP:

So my problem comes down to getting the VALUE's to enter my variables as I can get it too work with plan "bob", "1234", "bob@here.com" text entries. However I need it to input to the database variables which are presented through a form.

I know all the variables are setting correctly and that all previous code works (I haven't included all since there is quite a bit).

In short - How do I get the VALUE's to be the variables $username $pass $email.

Cheers

 

If i understand your question correctly, then your asking how to pass the values from the page, into your $_post values?

If so... Use html forms...

<form name="form1" action="your-php-page.php" method="post">
<input type="text" name="username" value="username" />
<input type="text" name="pass" type="password" />
<input type="text" name="email" value="a@b.com" />
</form>

HTML:

Also:

Your defineing $pass twice, without using the first one, It would be best if you did:

$pass = md5($_POST['pass']);
$username = $_POST['username'];
$email = $_POST['email'];

PHP:

Shane

 

Thankyou Shane but my question is not how do I set my variables from my html form, I can do that easily enough. My question is how do I use those variables in the INSERT INTO userinfomj VALUES and get them to pass through correctly.

INSERT INTO userinfomj VALUES ('".$username."', '".$pass."', '".$email."')

doesn't work correctly and I want to know what the format I need is to get my variables to get inputted into my DB.

Cheers

 

$insert = "INSERT INTO userinfomj VALUES ($username, $pass, $email)" or die ("Failed at query construction");

PHP:

PHP has what's called variable interpolation (or is it extrapolation?)
All you need to do is define a string and place variables in like that, and they will get substituted in with their actual values. You can make things neater if you want, by doing it like this:

$insert = sprintf("INSERT INTO userinfomj VALUES (%s, %s, %s)",
   $username,
   $pass,
   $email);

PHP:

But you also want to be sure you escape your values, so that they aren't prone to MySQL injection. addslashes isn't the best for doing this, so I would substitute your addslashes() functions with mysql_real_escape_string(). Note that you will need to have an established MySQL connection for mysql_real_escape_string() to work properly though.

 

Replace:

$insert = "INSERT INTO userinfomj VALUES ('".$username."', '".$pass."', '".$email."')" or die("Failed at query construction");
$add_member = mysql_query($insert) or die("Failed at add_member construction");

PHP:

With:

Replaceing the red values with the Sql strucher/names that your using


Shane

 

Shane's solution will also work, although I prefer using variable interpolation.

The key thing mr.jinsue is that when you send an INSERT query, you have two options. You can either not define which fields you are entering VALUES() for, in which case, you must enter values for EVERY field of that table, or you can define which fields you wish to enter values for like Shane's solution has, and then only enter data for those particular fields. The key is making sure you give PHP all the data it needs depending on which type of INSERT query you use.

 

Ok after reading what you guys said, I've decided to go with omgitsfletch's way.

So here's what my code looks like now.

$pass = mysql_real_escape_string($_POST['pass']);
$username = mysql_real_escape_string($_POST['username']);
$email =mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string(md5($_POST['pass']));

// now we insert it into the database
$insert = "INSERT INTO userinfomj VALUES ($username, $pass, $email)" or die("Failed at query construction");
add_member = mysql_query($insert) or die("Failed at add_member");
?>

PHP:

And it still returns "Failed at add_member" soooo please do tell what I'm doing wrong.

I'm unsure of why Shane wants me to put in if(!$add_member){
die("unable to insert query");
}
and change the previous or die to mysql_error() however I have had a bit of a problem with error code screwing things up so is that why?

And there are only 3 columns in the DB which ate username password and email so there isn't any need to specify them; I was before but I felt it just added unnessicary code.

Thanks for all the responses, cheers

 

$username = mysql_real_escape_string($_POST['username']);
$email =mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string(md5($_POST['pass']));

// now we insert it into the database
$insert = "INSERT INTO userinfomj VALUES ($username, $pass, $email)" or die("Failed at query construction");
add_member = mysql_query($insert) or die(mysql_errno().":".mysql_error());
?>

PHP:

I removed that first $pass, it's redundant. Also I changed the die message so instead it will give us the specific error number and message that is happening. Run this and tell me what the specific error is, and that might help us solve it.

 

Well upon loading the initial page (no data entered) I got this error. "Parse error: parse error, unexpected '=' in /home/www/webguardians.awardspace.com/upload/register.php on line 94"

Line 94 is add_member = ...

I think the mysql_errno() making the problem.
We're getting closer

Cheers

 

Whoops, that should be $add_member. Stupid mistake on my part.

 

Smacks head, why didnt I see that....

 

Ok the problems continue

Error: "1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@email.com)' at line 1"

When I entered through the form.

This is a new error to me so I dont have a clue and is the mysql_errno whats giving it out (out of interest)?

Cheers

 

mysql_query("INSERT INTO userinfomj VALUES ('$username', '$pass', '$email')")

PHP:

Note the quotes around values.

 

Yay I got it to work! I think there were all those minor problems with the code but the main reason for it not working is, and I feel really dumb for this, is that I was connecting to the same named DB and Table, DB was userinfomj but within that my table was login_info. Sooo, having the correct table always helps but I think there were other problems which you guys helped fix too.

Question though - I encoded the Password to md5 hash and now in my DB it is in the hash, so how do I convert it back to normal for when someone logs in?

 

MD5 is one way encryption. You compare the md5 of the posted password value. So if the md5 of the posted password is the same as the hash in the database, then there is a match.

Here is the simplest example:

mysql_query(
  "SELECT * FROM users " . 
  "WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' " .
  "AND password = '" . $_POST['password'] . "'"
  );

PHP:

 

Oh ok I get what you're saying, thanks for all your help guys.